Tricryption® Anonymization:

Anonymization in its generic definition replaces Personal Identifiable Information (PII) and other sensitive identifying data elements with a non-sensitive identifier. The sensitive data may be then separated from the non-sensitive data. Tricryption® Anonymization embeds a unique automated process utilizing cryptographic procedures allowing key based access control through use of encrypted and secure ’Hidden Links’ or key pointers. These encrypted pointers actually form the replacement data values for the segregated sensitive information providing both unique identification for data records and secure pointers to the keys required to re-associate the data. Anonymization can be implemented internally by an organization or federated by use of a third party.

The process steps (depicted in the above graphic) for the Tricryption® Anonymization process are:

Relational database: Combines sensitive and/or personal identifiable information with non-attributable data. The non-attributable data needs to be shared, but the identity must be protected. The data however, still needs to be precisely and uniquely specified. Good candidates for anonymization include databases with shared data to ‘pooled’ repositories, protected source data, medical and clinical research data, financial data, etc...

Isolate & separate sensitive and/or private data: In order to protect sensitive fields within a data record, the sensitive information must be identified and separated from the other public of disclosable information. Sensitive data may be data, metadata, schema, or relational information. Examples of sensitive data include names, SSNs, addresses, telephone numbers, and financial account numbers.

Encrypt the sensitive data, store that data securely, create key pointer, and provide an alias or pseudonym to identify the data: This is the core of the Tricryption automated anonymization process. The sensitive data is encrypted and stored with a series of related encrypted key pointers or ‘Hidden Links’. These ‘Hidden Links’ form both the secure accessibility pathway to the key for sensitive data decryption, as well as the actual alias value that replaces the sensitive data in the original data set.

Merge the data alias with the database to replace the separated sensitive data: In order to anonymize yet retain the ability to uniquely identify the data, the removed data and any associated relationships must replaced. This replacement by a cryptographically generated data string ensures persistent anonyminity and re-association access to only those designated and authorized by the data owner.

Share the data without threat of sensitive or privacy compromise: With the data now anonymized within the database, it can be shared with others directly or via ‘pooled’ data repositories. Best of all, the data may be shared on two levels: one, the data can remain anonymous; or two, the data and the sensitive information may later be re-associated with originator authorization.

Re-associate the secured sensitive data: Tricryption® allows secure re-association of the sensitive data with its disclosable record or portion of the database. Use of a multi-step cryptographic ‘alias-to-sensitive-information’ association process guarantees only those on the access control list will have the ability to re-associate sensitive identifying information. Internal (trusted insiders, database administrators, etc...) and external compromise threats (alias association table loss, dictionary attacks, etc...) are prevented with Tricryption® Anonymization.